Alex Di Giacomo

Cybersecurity & Technology Executive | Strategic CIO/CISO | Architect of Resilient, High-Performing Tech Organizations

Seattle, Washington, United States

About

Information Security and Technology Executive with over 26 years of experience leading enterprise-wide security programs, digital transformation initiatives, and IT governance across both public and private sectors. I specialize in building resilient, high-performing security organizations that align with strategic business goals and regulatory frameworks. My leadership has consistently delivered measurable outcomes, including top-tier maturity ratings, business-specific KPIs, and seamless integration of cybersecurity into multi-billion-dollar, long-term infrastructure programs.

Throughout my career, I’ve led global security operations, managed multimillion-dollar budgets, and driven compliance with standards such as ISO 27001, NIST and PCI-DSS, to name a few. I hold advanced certifications including the CISSP, CISM, CISA, CRISC, CDPSE and C|CISO. I’m also a frequent speaker, lecturer, and contributor to professional communities focused on cybersecurity, risk management, IT strategy and leadership.

A core pillar of my leadership philosophy is investing in people. I take pride in building high-performing, mission-driven teams and fostering a culture of growth, accountability and continuous learning. Throughout my career, I’ve mentored emerging leaders, designed succession plans, and created development pathways that empower professionals to thrive in complex, high-stakes environments. Whether guiding technical specialists or shaping future executives, I believe that cultivating talent is essential to sustaining innovation and resilience in cybersecurity and IT.

I bring a strategic mindset, operational excellence, and a collaborative approach to executive leadership. Whether guiding enterprise risk strategies or modernizing mission-critical infrastructure, I focus on enabling innovation while safeguarding organizational integrity.

Experience

  • Chief Information Security Officer at Sound Transit
    Feb 2016 - Present · 10 yrs 6 mos

    Developing and executing the CISO strategy roadmap for the Agency. Designing, implementing and managing the Information Security Management System and Program. Overseeing the information security risk management activities. Partnering with business functions to ensure alignment of business objectives with information security objectives to achieve proper enablement and risk control. Representing the Agency's CISO function in interagency collaboration, as well as other industry activities with an information security impact.

  • Avanade (4 yrs 4 mos)
    • Security Governance Lead
      Aug 2015 - Jan 2016 · 6 mos

      • Directing the implementation and operation of the Information Security Management System (ISMS) for Avanade's Unified Communications and Collaboration Managed Services business unit
      • Implementing ISO 27001 and 27002 compliant processes, practices and governance to secure UCCMS operations
      • Overseeing the risk management function within the context of the UCCMS ISMS and its coordination with the corporate ERM function
      • Directing and overseeing all essential information security capabilities for the Business Unit, such as business continuity planning, disaster recovery, incident response, vulnerability management, training and awareness, security oversight of vendor management activities, development and maintenance of policies, standards and IT-processes, internal audit support and compliance
      • Representing the Security function in interactions with UCCMS clients, as well as external industry associations and other organizations

    • Group Manager - IT Security Service Owner
      Oct 2011 - Aug 2015 · 3 yrs 11 mos

      Management of Avanade's ITS Security service (ITIL), responsible for all Security service offerings, including Information Security Governance, IT Security Controls, Audit Support, Risk Management and Regulatory and Policy Compliance for Avanade's internal IT Systems globally.

  • Information Security, Risk and Management Consultant / Smart Grid Security Consultant at Accenture
    Aug 2010 - Oct 2011 · 1 yr 3 mos

    Consultant in the Smart Grid Security and IT Security and Risk practices at Accenture. Specializing in the fields of IT Security Governance, Risk Management Strategies, Information Security Management, Regulatory Compliance (NERC CIP) and Information Security Frameworks (NIST, COBIT, ISO 27001 and 27002), Network Security Architectures and technologies; as well as in the Management Consulting, Organizational Design, Engineering, Communications, Utility Operations, Regulatory Compliance, and Strategy Design aspects of Smart Grid initiatives.

  • Douglas County PUD (10 yrs 7 mos)
    • Cyber Security Officer
      May 2008 - Aug 2010 · 2 yrs 4 mos

      Cyber Security Officer with oversight of Douglas County PUD's mission critical systems subject to Federal reliability regulations (NERC). Responsible for leading and managing the District's Information Security compliance program for the NERC CIP standards. Member of the Senior Management NERC Compliance committee, responsible for developing and implementing the District's strategy and compliance program for all NERC standards. In this capacity, I developed the District’s first Cyber Security Policy and the District’s first Information Protection Policy to comply with the CIP 003 and CIP 004 standards. Additional duties in this capacity included providing the cyber security training required by the NERC CIP 004 R2 standard to all District employees, as well as leading and coordinating the CIP 004 R1 awareness activities.

    • Power Systems Control Engineer
      Jan 2005 - Aug 2010 · 5 yrs 8 mos

      Control system development, operations and maintenance (software design, project management and engineering supervision) for the District's in-house developed, Wonderware-based SCADA System. Telecommunications Network design, operation and maintenance. All aspects including hardware at Layer 1 (fiber optic backbone and distribution infrastructure, microwave radios, telephony, mobile radios) and layers 2 - 4 (telecommunication and network protocols, e.g. Ethernet, TCP/IP, SONET). Network Security engineering design, operations and maintenance (User and System Authentication (RADIUS, 802.1X), Electronic Security Perimeters, Role-based User Access Control policies, Secure Remote Access to Critical Substations and Facilities). Private Branch Exchange (PBX) and VoIP Telephony systems engineering design, operation and maintenance for the District’s business and mission-critical applications. Development, implementation and maintenance of contingency and asset recovery plans for mission-critical control and communication systems. Supervision and coordination of activities for the staff of engineering technicians. Management and administration of the District’s communication service contracts. Procurement, management and administration of the District’s technical support contracts for mission-critical systems. Engineering support for special projects requiring advanced or complex technological systems. Responsible for the development and original implementation of the District's compliance program for the NERC CIP standards. Interacting with outside entities regarding issues encompassing system interconnections with neighboring utilities, project and contract negotiation, equipment and materials procurement, and regulatory compliance (FERC, NERC, WECC). Technical specification writing for new and replacement equipment procurement. Researching alternative energy sources (e.g. fuel cells, solar) for incorporation into the District’s energy portfolio.

    • Electrical Engineer - Control Systems
      Feb 2000 - Jan 2005 · 5 yrs

      Control system development, operations and maintenance (software design, project management and engineering supervision) for the District's in-house developed, Wonderware-based SCADA System. Telecommunications Network design, operation and maintenance. All aspects including hardware at Layer 1 (fiber optic backbone and distribution infrastructure, microwave radios, telephony, mobile radios) and layers 2 - 4 (telecommunication and network protocols, e.g. Ethernet, TCP/IP, SONET). Network Security engineering design, operations and maintenance (User and System Authentication (RADIUS, 802.1X), Electronic Security Perimeters, Role-based User Access Control policies, Secure Remote Access to Critical Substations and Facilities). Engineering design, operation and maintenance for the District’s business and mission-critical applications. Engineering support for special projects requiring advanced or complex technological systems. Technical specification writing for new and replacement equipment procurement. Researching alternative energy sources (e.g. fuel cells, solar) for incorporation into the District’s energy portfolio.